PENDING CLAIMS

1. (Currently Amended) A small footprint device comprising: 

a. at least one processing element configured to execute groups of one or more
program modules in separate contexts, objects of a program module associated
with a particular context;

b. memory; and

c. a context barrier for separating and isolating said contexts, said context barrier
configured to use said memory to control object-oriented access of a program
module executing in one context to information and/or a program module
executing in another context, said context barrier further configured to prevent
said access if said access is unauthorized and enable said access if said access is
authorized, using said memory and running on said processing element, for
isolating program modules from one another.

2-24 (Cancelled) 

25. (Previously Added) The small footprint device of claim 1 in which said at least one
processing element is a virtual machine running on a processor.

26. (Previously Added) The small footprint device of claim 25 in which said virtual
machine runs on top of a card operating system.

27. (Cancelled)

28. (Canceled)



29. (Currently Amended) The small footprint device of claim ¥1- 1 in which said context
barrier allocates separate respective name spaces for each context.

30. (Previously Added) The small footprint device of claim 2? 1 in which said context
barrier allocates separate respective memory spaces for each context.

31. (Previously Added) The small footprint device of claim 1 in which at least one 
program module comprises a plurality of applets. 

32. (Previously Added) The small footprint device of claim 1 in which said context
barrier enforces at least one security check on at least one of principal, object or
action to prevent access from a principal in one context to an object in a different
context.

33. (Cancelled)

34. (Cancelled)

35. (Currently Amended) The small footprint device of claim 33 32 in which at least
one security check is based on partial name agreement between a principal and an
object.

36. (Currently Amended) The small footprint device of claim 33 32 in which at least
one security check is based on memory space agreement between a principal and an
object.

37. (Currently Amended) A method of operating a small footprint device that includes a
processing machine, wherein program modules are executed on the processing
machine, the method comprising: the step of

executing groups of one or more program modules in separate contexts, objects of a
program module associated with a particular context; and

providing a context barrier for separating and isolating said contexts and for
controlling the object-oriented access of a program module executing in one
context to information and/or a program module executing in another context,
said providing further comprising:

preventing said access if said access is unauthorized; and

enabling said access if said access is authorized.
preventing access from one program module to a different program modules using a
context barrier.

38. (Previously Added) The method of claim 37 in which the context barrier is
implemented using a virtual machine.



39. (Cancelled)

40. (Cancelled)

41. (Currently Amended) The method of claim 4Q 37 in which the context barrier will
not permit a principal to access an object unless both principal and object are part of
the same name space.

42. (Currently Amended) The method of claim 59 37 in which the context barrier will
not permit a principal to access an object unless both principal and object are part of
the same memory space.

43. (Previously Added) The method of claim 37 in which the context barrier will not
permit a principal to perform an action on an object unless both principal and object
are part of the same context.

44. (Previously Added) The method of claim 43 in which the context barrier will permit
a principal to perform an action on an object when they are not part of the same
context if the principal is authorized to perform the action on the object.

45. (Previously Added) The method of claim 44 in which the principal is authorized if it
passes at least one security check.

46. (Previously Added) The method of claim 45 in which said at least one security
check is one of a plurality of security checks.

47. (Previously Added) The method of claim 44 in which, if a principal in a first context
is authorized to perform one or more actions on an object in a second context, when
the action is performed it will execute within the second context.

48. (Previously Added) The method of claim 47 in which, when one or more actions are
authorized in the second context, subsequent actions will be authorized based on
executing in the second context, and a principal in the second context will be able to
access objects in the second context.

49. (Previously Added) The method of claim 48 in which, when one or more actions
complete in the second context, execution will return to the first context.

50. (Previously Added) The method of claim 47 in which, when action is undertaken in
the second context that requires access to an object in a third context, the action will
execute within the third context.

51. (Previously Added) The method of claim 50 in which switches to a new context will
occur any time action is authorized on an object in a new context.

52. (Currently Amended) A computer program product, comprising:

a. a memory medium; and

b. a computer controlling element comprising instructions for implementing a
context barrier on a small footprint device, said small footprint device
comprising:

at least one processing element configured to execute groups of one or more
program modules in separate contexts, objects of a program module
associated with a particular context;

memory; and

a context barrier for separating and isolating said contexts, said context barrier
configured to use said memory to control object-oriented access of a
program module executing in one context to information and/or a program
module executing in another context, said context barrier further configured
to prevent said access if said access is unauthorized and enable said access if
said access is authorized.

53. (Previously Added) The computer program product of claim 52 in which said
memory medium is a carrier wave.



54. (Currently Amended) A computer program product, comprising: 

a. a memory medium; and

b. a computer controlling element comprising instructions for separating a plurality
of programs on a small footprint device, said small footprint device comprising:

at least one processing element configured to execute groups of one or more
program modules in separate contexts, objects of a program module
associated with a particular context;

memory; and

a context barrier for separating and isolating said contexts, said context barrier
configured to use said memory to control object-oriented access of a program
module executing in one context to information and/or a program module
executing in another context, said context barrier further configured to
prevent said access if said access is unauthorized and enable said access if
said access is authorized by running them in respective contexts.



55. (Previously Added) The computer program product of claim 54 in which said 
memory medium is a carrier wave. 



56. (Currently Amended) A carrier wave carrying instructions for implementing a 
context barrier on a small footprint device over a communications link, said small
footprint device comprising:

at least one processing element configured to execute groups of one or more program
modules in separate contexts, objects of a program module associated with a
particular context;

memory; and

a context barrier for separating and isolating said contexts, said context barrier
configured to use said memory to control object-oriented access of a program
module executing in one context to information and/or a program module
executing in another context, said context barrier further configured to prevent
said access if said access is unauthorized and enable said access if said access is
authorized.

57. (Currently Amended) A carrier wave carrying instructions over a communications
link for separating a plurality of programs on a small footprint device, said small
footprint device comprising:

at least one processing element configured to execute groups of one or more program
modules in separate contexts, objects of a program module associated with a
particular context;

memory; and

a context barrier for separating and isolating said contexts, said context barrier
configured to use said memory to control object-oriented access of a program
module executing in one context to information and/or a program module
executing in another context, said context barrier further configured to prevent
said access if said access is unauthorized and enable said access if said access is
authorized by running them in respective contexts.

58. (Currently Amended) A method of shipping code over a network, comprising the
step of transmitting a block of code from a server, said block of code comprising
instructions over a communications link for separating a plurality of programs on a
small footprint device, said small footprint device comprising:

at least one processing element configured to execute groups of one or more program
modules in separate contexts, objects of a program module associated with a
particular context;

memory; and

a context barrier for separating and isolating said contexts, said context barrier
configured to use said memory to control object-oriented access of a program
module executing in one context to information and/or a program module
executing in another context, said context barrier further configured to prevent
said access if said access is unauthorized and enable said access if said access is
authorized.